From ca11535917f0b3c9cfd4a28d2ccff924724caf3f Mon Sep 17 00:00:00 2001 From: Shamil Date: Fri, 20 Mar 2026 18:58:41 +0300 Subject: [PATCH] gh-146196: Fix Undefined Behavior in _PyUnicodeWriter_WriteASCIIString() (#146201) Avoid calling memcpy(data + writer->pos, NULL, 0) which has an undefined behavior. Co-authored-by: Victor Stinner (cherry picked from commit cd10a2e65c25682095f6ee4a9b9a181938a50d2e) --- .../2026-03-20-13-55-14.gh-issue-146196.Zg70Kb.rst | 2 ++ Objects/unicodeobject.c | 4 ++++ 2 files changed, 6 insertions(+) create mode 100644 Misc/NEWS.d/next/Core_and_Builtins/2026-03-20-13-55-14.gh-issue-146196.Zg70Kb.rst diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-03-20-13-55-14.gh-issue-146196.Zg70Kb.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-03-20-13-55-14.gh-issue-146196.Zg70Kb.rst new file mode 100644 index 00000000000000..9e03c1bbb0e1cb --- /dev/null +++ b/Misc/NEWS.d/next/Core_and_Builtins/2026-03-20-13-55-14.gh-issue-146196.Zg70Kb.rst @@ -0,0 +1,2 @@ +Fix potential Undefined Behavior in :c:func:`PyUnicodeWriter_WriteASCII` by +adding a zero-length check. Patch by Shamil Abdulaev. diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 53f219eb185d77..4a457c4ac9ff3b 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -14054,6 +14054,10 @@ _PyUnicodeWriter_WriteASCIIString(_PyUnicodeWriter *writer, if (len == -1) len = strlen(ascii); + if (len == 0) { + return 0; + } + assert(ucs1lib_find_max_char((const Py_UCS1*)ascii, (const Py_UCS1*)ascii + len) < 128); if (writer->buffer == NULL && !writer->overallocate) {